<?php 
/*
* StiPHPcms, A web Content management System made with PHP/MySQL
* JordSti : jord52@gmail.com
* Version : 0.0.1
*
* Copyright (C) 2009  jord52@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

// Entry script: bootstrap the CMS, dispatch on the ?t=... action, then tear down.
include "core/main.php";

$cms = new CMSPage($cms_config);
$cms->init();

// ?t selects the action; an unrecognised value renders nothing and just closes.
$task = isset($_GET['t']) ? $_GET['t'] : 'default';

switch($task)
{
	case 'default':
		viewPage($cms);
		break;
	case 'edit':
		editPage($cms);
		break;
	case 'save':
		savePage($cms);
		break;
}

$cms->close();

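function viewPage($cms)
{
	// Render the page named by ?p=... for the current visitor.
	//
	// $cms : the CMSPage instance built by the entry script; supplies sql_query(),
	//        getUserRank(), error(), the lang table and the template object.
	// Side effects: emits the page through renderHeader()/renderMenu()/addFrame(),
	// or hands off to editPage() when no page with that title exists.
	if(!isset($_GET['p']))
	{
		$cms->error($cms->lang['page_not_found']);
		// error() lives in core/main.php (not visible here) and may or may not end the
		// request; returning here guarantees nothing is rendered with an unset title.
		return;
	}

	$raw_title = $_GET['p'];
	$page_title = mysql_real_escape_string($raw_title);

	$dt = $cms->sql_query("SELECT p.title,p.content,p.timestamp,p.time_lastedit,p.rank_to_see,p.rank_to_edit,u.username FROM %prefix%pages p LEFT JOIN %prefix%users u ON(p.user_id=u.id)  WHERE p.title='$page_title'");

	if(mysql_num_rows($dt)==0)
	{
		editPage($cms);
		return;
	}

	$data = mysql_fetch_array($dt);

	// Authorisation comes before any rendering work: a visitor whose rank is below
	// rank_to_see must not reach the output calls below even if error() returns.
	if($data['rank_to_see']>$cms->getUserRank())
	{
		$cms->error($cms->lang['right_error']);
		return;
	}

	require_once("core/sticode.php");

	$content = '<p>'.parseStiCode(stripslashes($data['content'])).'</p>';
	$date_created = date($cms->lang['dateformat'],$data['timestamp']);
	$date_last_edit = date($cms->lang['dateformat'],$data['time_lastedit']);
	$created_by = $data['username'];

	$html = '';

	if($data['rank_to_edit']<=$cms->getUserRank())
	{
		// The title is placed in a URL inside an HTML attribute, so it is encoded for
		// both contexts. The raw request value is used rather than the SQL-escaped one
		// so the link round-trips to editPage() unchanged.
		$link_title = htmlspecialchars(rawurlencode($raw_title), ENT_QUOTES, 'UTF-8');
		$html .= '<p><a href="page.php?t=edit&amp;p='.$link_title.'">'.$cms->lang['edit'].'</a></p>';
	}

	$html .= $content;

	$html .= '<p>'.$cms->lang['page_last_modification'].' : '.$date_last_edit.'<br /> '.$cms->lang['page_created_on'].' : '.$date_created.'<br /> '.$created_by.'</p>';

	$cms->renderHeader($page_title);
	$cms->renderMenu();

	$cms->template->addFrame($page_title,$html);
}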


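function savePage($cms)
{
	// Persist the page submitted by the edit form (page.php?t=save), then redisplay it.
	//
	// $cms : CMSPage instance (sql_query(), getUserRank(), error(), lang).
	// Side effects: INSERT for a new title, UPDATE of content/ranks/time_lastedit,
	// then editPage() renders the form again for the saved title.
	//
	// NOTE(review): the only gate is the rank comparison below. For a title that
	// does not exist yet the compared rank_to_edit comes from the submitter's own
	// POST, and the saved ranks are always taken from the POST, so anyone allowed
	// to edit a page can also change who may see or edit it. The form carries no
	// CSRF token. Both are design points of the original, left unchanged here.
	require_once("core/tools/string.php");

	// Every POST value is entity-encoded and SQL-escaped once, up front; the
	// encoded form is what gets stored, and editPage() relies on that when it
	// re-renders the content.
	$_POST = array_htmlentities($_POST);
	$_POST = array_sql_escape($_POST);

	$page_title = $_POST['title'];
	$content = $_POST['content'];
	$rank_to_see = intval($_POST['rank_to_see']);
	$rank_to_edit = intval($_POST['rank_to_edit']);

	$dt = $cms->sql_query("SELECT * FROM %prefix%pages WHERE title='$page_title'");
	$is_new = (mysql_num_rows($dt)==0);

	if($is_new)
	{
		// No stored rank to compare against yet: the submitted rank_to_edit is used.
		$required_rank = $rank_to_edit;
	}
	else
	{
		$data = mysql_fetch_array($dt);
		$required_rank = $data['rank_to_edit'];
	}

	if($required_rank>$cms->getUserRank())
	{
		$cms->error($cms->lang['right_error']);
		// error() may not end the request; the INSERT/UPDATE below must never run
		// for a caller without rights (the original also left an empty row behind
		// when a new title was rejected, because it inserted before checking).
		return;
	}

	if($is_new)
	{
		// Owner is the session user; $_SESSION['user_id'] is assumed to be set by
		// core/main.php for logged-in visitors — TODO confirm.
		$stamp = time();
		$user_id = $_SESSION['user_id'];
		$cms->sql_query("INSERT INTO %prefix%pages SET title='$page_title',user_id='$user_id',timestamp='$stamp'");
	}

	$last_edit = time();

	$cms->sql_query("UPDATE %prefix%pages SET content='$content',rank_to_see=$rank_to_see,rank_to_edit=$rank_to_edit,time_lastedit='$last_edit' WHERE title='$page_title'");

	// editPage() reads the title from $_GET['p'].
	$_GET['p'] = $page_title;
	editPage($cms);
}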

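function editPage($cms)
{
	// Render the edit form for the page named by ?p=... (or for a fresh "new page"
	// when p is absent). Existing rows are loaded from %prefix%pages; an unknown
	// title gets empty defaults.
	//
	// $cms : CMSPage instance (sql_query(), getUserRank(), error(), lang,
	//        loadStiCodeScript(), template).
	// Side effects: emits the form through renderHeader()/renderMenu()/addFrame().
	$raw_title = isset($_GET['p']) ? $_GET['p'] : 'new page';
	$page_title = mysql_real_escape_string($raw_title);

	$dt = $cms->sql_query("SELECT * FROM %prefix%pages WHERE title='$page_title'");

	if(mysql_num_rows($dt)==0)
	{
		$data = array();
		$data['title'] = $page_title;
		$data['content'] = '';
		$data['rank_to_see'] = '0';
		$data['rank_to_edit'] = '1';
	}
	else
	{
		$data = mysql_fetch_array($dt);
	}

	require_once("core/tools/string.php");

	// Undo the SQL escaping before the values go back into the form. For an unknown
	// title this returns the request value to exactly what the visitor sent.
	$data = array_stripslashes($data);

	if($data['rank_to_edit']>$cms->getUserRank())
	{
		$cms->error($cms->lang['right_error']);
		// error() may not end the request; the form must not be rendered without rights.
		return;
	}

	$cms->loadStiCodeScript();
	require_once("core/sticode.php");

	// Form values are encoded for their HTML context (attribute value / textarea).
	// Content saved through savePage() is already entity-encoded, so double_encode
	// is off to leave it untouched; the encoding only bites on raw values, such as
	// a not-yet-existing title taken straight from ?p.
	$form_title = htmlspecialchars($data['title'], ENT_QUOTES, 'UTF-8', false);
	$form_content = htmlspecialchars($data['content'], ENT_QUOTES, 'UTF-8', false);
	$form_rank_to_see = htmlspecialchars($data['rank_to_see'], ENT_QUOTES, 'UTF-8', false);
	$form_rank_to_edit = htmlspecialchars($data['rank_to_edit'], ENT_QUOTES, 'UTF-8', false);

	$html = '<form id="page_edit" name="page_edit" method="post" action="page.php?t=save">
<fieldset>
<legend>'.$cms->lang['page_edit'].'</legend>
  <p>
    <label for="title">'.$cms->lang['page_title'].' : </label>
    <input name="title" type="text" id="title" value="'.$form_title.'" tabindex="10" size="32" maxlength="256" />
    </p>
    '.StiCodeHTMLFormBar('content').'
      <p>
      <label for="content">'.$cms->lang['page_content'].' : </label><br />
      <textarea name="content" id="content" cols="45" rows="20" tabindex="60">'.$form_content.'</textarea>
    </p>
    
    <p>
    <label for="rank_to_see">'.$cms->lang['page_rank_to_see'].' : </label>
    <input name="rank_to_see" type="text" id="rank_to_see" value="'.$form_rank_to_see.'" tabindex="20" size="5" maxlength="4" />
  </p>
      <p>
    <label for="rank_to_edit">'.$cms->lang['page_rank_to_edit'].' : </label>
    <input name="rank_to_edit" type="text" id="rank_to_edit" value="'.$form_rank_to_edit.'" tabindex="30" size="5" maxlength="4" />
  </p>
  <p>
  <input name="send" type="submit" value="'.$cms->lang['save'].'" id="send" />
  </p>
    </fieldset>
    </form>';

	$cms->renderHeader($page_title);
	$cms->renderMenu();
	$cms->template->addFrame($page_title,$html);
}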

?>